Spring is finally arriving here in the frozen north known as Canada, and about time too. We have had a miserable month of snowstorms, but I hope your weather has been somewhat saner. Another milestone has been reached here at Security Forums! We have surpassed twenty-two thousand members. No small feat indeed, but a true testament to the many valuable posts by our members, and the tireless efforts of our moderators. On that note we must all strive to keep this the best forum out there today. We must all do our best to be courteous in our responses, and provide the most relevant information possible. That being said, let’s take a look at some of March’s more interesting posts.

Speaker for my school

I read a post on one of the mailing lists I subscribe to, and decided to email the poster. The fellow was hoping to get a speaker to come to his University, and give a talk to them on computer security. There was no special topic requested, but more just a hope that someone would have the time to come on down, and speak to a class of computer science students. Several people I know on the forum responded to the poster offline. The reason I mention this post is that many times we get asked the same question on the forum: “how do I get experience in the field of computer security?” Well, volunteering to do a speaking engagement at your local high school, or college is an excellent way of getting some. Not only that, but you never know who will be in the audience. You could make some valuable contacts, and quite possibly some contract work. Should you also choose to volunteer your time, and expertise in such a capacity, then you will also have given back to the community. Always a laudable goal.

Why backup on tape drives?

An excellent question was asked as to which medium is best for computer system backups. There are several opinions offered in the thread with some good commentary to further explain their choice of medium. In my opinion you are best to use tape, as it is small and portable while offering high data capacity. Though hard disk prices have increased the amount of physical memory some companies have. At my work we presently have a 40TB server sliced up into many sections. Backing up that monstrous size is near impossible really. Hopefully some breakthrough in data compression will happen soon to accommodate such large volumes of disk space.

Web site security

Another monstrous thread was started on the many, many aspects of web site security. If you are new to this specialized security topic then you would be well advised to take the time to read the many informative responses provided in this thread. Several people I know in the security community make a living based solely on web site security, or as they call it, application security testing. There is a myriad of concerns as listed in this thread: server side scripting languages, authentication procedures, amongst others. To be a good admin for a web site you need to have many skills, predominantly scripting abilities for the many server side scripting languages. Give this thread a read, and feel free to contribute to it.

Which programming language

Another one of those often asked questions is that of which programming language one should learn first. Well, you should also ask yourself what is your end state, after having learned a programming language? Are you planning on becoming a programmer, or are you more interested in simply gaining some programming knowledge? There are many languages, and some have some specific applications such as LISP, or PERL. Well, to have most of your questions answered you would be well advised to give this thread a read. There is a great deal of excellent information here with qualifying data to substantiate opinions. Job well done to the posters for having taken so much time to post the lengthy, and detailed responses.

IPS or IDS

All Gartner idiocy hype aside that the IDS is dead, a valid question is asked here as to whether or not they should get an IPS or IDS. To make things very simple for those of you who don’t know, an IDS (intrusion detection system) will passively monitor your network, while an IPS (intrusion prevention system) will monitor your network, and take active measures on predefined suspicious traffic. The IPS is a relatively new technology that is seemingly all the rage right now. Any time you introduce a new technology into your network you should be sure that it will in itself not present a new attack vector. This is especially true for some of the HIPS (host intrusion prevention system) that are out there. Should you decide to purchase an IPS you would be best to ask if the system has been evaluated by an independent third party. Having such an impartial evaluation could save you a lot of money down the road if the product does not live up to its marketing. I was recently at the RSA conference in San Francisco and it was rather interesting to hear some of the hype from the vendors. Seeing as I do professional evaluations on this type of security appliance, I was rather amused to hear some of the claims being bandied about without evidence to back them up.

Best Anti-Spyware program

A timely post on what is the best anti-spyware program out there was posted on the forums. The poster came to the right place to ask, for we have here some of the best talent as it pertains to dealing with spyware in its many forms. For those of you who find yourselves constantly infested with spyware you would be well served to give this highly informative thread a read. Remember that spyware is becoming far more of an issue these days. You wouldn’t want your online banking session eavesdropped on now, would you? Give this thread a read and begin to protect yourself by educating yourself!

Well that brings us to the end of the column for another month. I would like to personally thank the members, and moderators for another excellent month. Please also remember that you should feel free to comment on this column. Anyone can make comments here on threads they feel had merit, or on the threads mentioned by myself. Till next month!

Last edited by alt.don on Mon May 02, 2005 12:31 am; edited 3 times in total

In Finland there is a government initiative to educate citizens on computer/internet related security topics; there is even a national security day. This also includes educating parents and teachers about online security threats, so there are people going to schools when asked, to give a presentation about security. Hopefully it has some kind of impact on people's online behavior.